WordPress Dental Care CPT Plugin PHP Object Injection Vulnerability

A deserialization vulnerability allowing object injection has been identified in the WordPress Dental Care CPT plugin, affecting versions through 20.2. This vulnerability arises from the improper handling of untrusted data, which could potentially be exploited to execute arbitrary code, inject malicious SQL, traverse file paths, cause denial-of-service conditions, and more, if a suitable payload chain is utilized.

Impact

Exploitation of this vulnerability could lead to PHP object injection, allowing for various types of code injection, SQL injection, path traversal, denial-of-service attacks, and more, depending on the presence of a proper payload chain.

Remediation

Users are advised to update to a version of the WordPress Dental Care CPT plugin that is later than 20.2. For those seeking immediate protection, Patchstack offers a mitigation rule that can be applied to block potential attacks until an official fix is available.